Security Roundup - 2016-12-08

Botnets might get a big influx in nodes this holiday season as researchers have discovered hard coded credentials in 80 Sony IP cameras. Sony has released a fix to remove this ‘debugging code’, but user’s still have to apply the updates.

A mobile malware strain called Gooligan has been making the rounds. Using unpatched exploits on older versions of Android, it roots the device to gain admin access, allowing it to download additional applications in the background to do things like steal information, install adware, and interact in the Google ecosystem as the user. Checkpoint has indicated that over 1 million accounts are impacted.

Duo does an analysis of their data to see if 2FA over SMS has decreased since NIST suggested it is insecure. Overall, it appears that in the 2 months since the announcement there has been no marked decrease so far, but overall SMS as a factor seems to be declining over the year in favor of methods like Universal 2 Factor (U2F) and Duo Push.

Researchers have discovered some attack vectors for credit cards which would allow attackers to repeatedly guess at details by distributing hundreds of guesses across eCommerce systems, allowing them to figure out information in seconds. MasterCard users will apparently have fraudulent activity lockdowns that occur after 100 tries. Visa, unfortunately, does not apparently have a similar lockdown.

The FBI has apparently stuck a major blow against the Avalanche botnet, taking ownership of 800K domains used by the DGA as well as seizing and shutting down servers suspected of being C&C nodes.

DeepDotWeb dives into the latest Locky mechanism where a specially crafted SVG image can direct users to malware, exploring the image itself and the browser extension it prompts users to install.

Similarly, Ars Technica explores some malware that was hidden in pixel ad banners on a variety of sites. The malware resides in a heavily obfuscated javascript file, but the actual malicious payload occurs when it loads an ad image that contains hidden malicious instructions.

BleepingComputer rounds up the ransomware. New this week: Screen lockers, tech support scams, new ransomware variants, including one that uses GPG to encrypt files.

Written on December 8, 2016